PCI DSS Compliance as a Never-Ending Journey

In a recent post on this blog, I talked about the PCI Data Security Standard and compliance. An interesting article on this topic came to my attention today. It describes PCI DSS compliance not as a destination, but as a never-ending journey once you embark on it. The article cites Shon Harris’s words: “Security is a marathon to be run at a consistent and continual pace. It is not a short sprint, and it is not for those who lack dedication or discipline.”

The article's conclusion is:

A fully compliant PCI “Report on Compliance” is not a guarantee that you will never be subject to an attack again nor is it an insurance against hackers. Hacking activities are not only on the rise but hackers are getting more sophisticated day by day. They have recently attacked established companies like AT&T, CardSystems and many other big names. No company is immune. Companies must be consistent and thorough in their approach to data security. They must always remember that they are under a contractual agreement with the credit card companies to keep the consumer data secure. They must be ready to prove that they have exercised “due care” to the data that have been entrusted to their care at all times.